Wireshark-dev: Re: [Wireshark-dev] TDS : TLS Exchange
From: Craig Jackson <cejackson51@xxxxxxxxx>
Date: Fri, 14 Aug 2020 12:28:38 -0400
I had thought about trying to decode that, but all of the test traces I had were proprietary. I'm hoping that the TDS isn't decodable (without other key information) but the TLS exchange should be. It requires knowing more about TLS. :-)

Craig

On Fri, Aug 14, 2020 at 10:31 AM Graham Bloice <graham.bloice@xxxxxxxxxxxxx> wrote:
Yep, that's what's happening, see here:  https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-tds/60f56408-0188-4cd5-8b90-25c6f2423868, somewhat similar to the STARTTLS behaviour in SMTP for example.

There's currently no code in the TDS dissector to hand-off to the TLS dissector.

Hello List,

I have a trace from a Microsoft SQL server using TDS.

Tabular Data Stream



It looks like the first part of it is the TLS exchange. I am attaching a trace. Any thoughts on a potential breakout of this?

If I decode as TLS, then the application data packets appear to decode fine but not the TLS handshake.

Thoughts?

Nalini Elkins
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe


--
Graham Bloice
Software Developer
Trihedral UK Limited
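
Added example, not part of the original thread and not Wireshark's code: a Python walk over one direction of a TDS byte stream that separates TLS records carried inside TDS PRELOGIN (0x12) packets from TLS records sent directly on TCP, which is why "Decode as TLS" shows the application data but not the handshake. It assumes the 8-byte TDS header layout from MS-TDS (type, status with the 0x01 EOM bit, big-endian length that includes the header); the function names and the sample bytes are constructed for illustration.

```python
import struct

TDS_PRELOGIN = 0x12  # MS-TDS packet type that carries PRELOGIN and the TLS handshake
TLS_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}

def looks_like_tls(buf):
    """Heuristic: a TLS record starts with content type 20..23 and major version 3."""
    return len(buf) >= 5 and buf[0] in TLS_TYPES and buf[1] == 3

def tls_records(buf):
    """Yield (content type name, body length) for each complete TLS record in buf."""
    off = 0
    while looks_like_tls(buf[off:]):
        ctype, _version, length = struct.unpack_from("!BHH", buf, off)
        if off + 5 + length > len(buf):
            return  # truncated record: stop instead of reading past the data
        yield TLS_TYPES[ctype], length
        off += 5 + length

def walk_stream(stream):
    """Classify one direction of a TDS connection as (framing, detail) tuples."""
    out, off, pending = [], 0, b""
    while off < len(stream):
        if looks_like_tls(stream[off:]):  # after the handshake: TLS directly on TCP
            ctype, _version, length = struct.unpack_from("!BHH", stream, off)
            out.append(("bare-tls", TLS_TYPES[ctype]))
            off += 5 + length
            continue
        if len(stream) - off < 8:
            break
        ptype, status, plen = struct.unpack_from("!BBH", stream, off)  # 8-byte TDS header
        if plen < 8 or off + plen > len(stream):
            break
        pending, off = pending + stream[off + 8:off + plen], off + plen
        if status & 0x01:  # EOM bit set: the TDS message is complete
            recs = tls_records(pending) if ptype == TDS_PRELOGIN else ()
            out.extend([("tds-wrapped-tls", n) for n, _ in recs] or [("tds", hex(ptype))])
            pending = b""
    return out

# Constructed sample bytes (not taken from the trace in this thread).
def tds(payload, status=0x01):
    return struct.pack("!BBHHBB", TDS_PRELOGIN, status, 8 + len(payload), 0, 1, 0) + payload
def tls(ctype, body):
    return struct.pack("!BHH", ctype, 0x0303, len(body)) + body

HELLO = tls(22, b"\x01" + bytes(40))
SAMPLE = (tds(b"\x00\x00\x06\x00\x06\xff" + bytes(6)) + tds(HELLO[:20], 0) + tds(HELLO[20:])
          + tds(tls(22, bytes(8)) + tls(20, b"\x01") + tls(22, bytes(16))) + tls(23, bytes(32)))
```

`walk_stream(SAMPLE)` reports the PRELOGIN options message, four TLS records recovered from inside 0x12 packets (one of them reassembled from two TDS packets), and one bare application-data record; `tls_records(SAMPLE)` on its own finds nothing because the stream starts with a TDS header.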